storage
crun
storage | crun
---|---
5 | 30
526 | 2,797
1.0% | 2.0%
9.7 | 9.3
2 days ago | 2 days ago
Go | C
Apache License 2.0 | GNU General Public License v3.0 only
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
storage
-
Where are the containers located on my system?
Check here: https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md
-
Storage Solutions & Their Use Cases
One example that keeps popping up over the years is containers and ZFS, or more specifically Linux kernel namespaces and ZFS. First LXD in 2016, podman in 2020 and 2021. There are Docker issues in the past as well with the ZFS storage driver or overlayfs. These issues are fixed rather quickly by ZFS (because they are very good at what they do) or by upstream, but bugs keep happening. It is something I do not want to deal with. As I expect future problems with ZFS and projects that depend on specific features of the Linux kernel, I prefer using something else. In this case Stratis, LVM and XFS, or LVM and ext4.
-
How to mount network storage into podman rootless container?
I tried using NFS because I know it well, and it is easy to do using ZFS. This Red Hat blog post says NFS should work and it does not work at the same time. I decided to just try. The ZFS server has no idea about the subuids on the podman host, so I had to mess around with --uidmap and --gidmap. That worked, as long as I did not use a pod. To keep things neat and simple, I tried to put all my Nextcloud containers into one pod. However, the id-mapping features cannot map multiple container IDs to the same host IDs. So, I cannot map the www-data (70) user and the postgres (82) user to localadmin (1000) on the podman host. Next, I tried directly mounting the NFS share as a volume using the '--opt type=nfs4' option when creating the volumes. Right away, I learned that rootless containers can't mount network shares. Makes a certain kind of sense and is also documented in the man page. But I first tried using root containers, to prove out the concept. The volumes mounted without complaint, but I landed back at square one because the id-mapping is not applied anywhere now. It appears to me that NFS is a complete dud for this kind of application.
- Overlay: Support Native Rootless Mounts
-
Podman: A Daemonless Container Engine
Docker is properly attributed to, see https://github.com/containers/storage/blob/a4cc7aa79e050c976...
I think OP wanted to say that Podman hates Docker, which is not what I feel when I'm interacting with the community there. People who use Podman do it because of its additional features that Docker does not have, like starting a container from a rootfs or mounting the current directory in a container using "." as path. It's a lot of small things that make Podman better.
crun
-
Show HN: dockerc – Docker image to static executable "compiler"
Yep pretty much.
The executables bundle crun (a container runtime)[0], and a fuse implementation of squashfs and overlayfs. Appended to that is a squashfs of the image.
At runtime the squashfs and overlayfs are mounted and the container is started.
[0]: https://github.com/containers/crun
-
Howto: WASM runtimes in Docker / Colima
```yaml
cpu: 4
disk: 60
memory: 12
arch: host
hostname: colima
autoActivate: true
forwardAgent: false

# I only tested this with 'docker', not 'containerd':
runtime: docker

kubernetes:
  enabled: false
  version: v1.24.3+k3s1
  k3sArgs: []

network:
  address: true
  dns: []
  dnsHosts:
    host.docker.internal: host.lima.internal

# Added:
# - containerd-snapshotter: true (meaning containerd will be used for pulling images)
# - default-runtime / runtimes: crun (instead of the default 'runc')
docker:
  default-runtime: crun
  features:
    buildkit: true
    containerd-snapshotter: true
  runtimes:
    crun:
      path: /usr/local/bin/crun

vmType: vz
rosetta: true
mountType: virtiofs
mountInotify: false
cpuType: host

# This provisioning script installs WasmEdge and builds crun with wasmedge support:
provision:
  - mode: system
    script: |
      [ -f /etc/docker/daemon.json ] && echo "Already provisioned!" && exit 0

      echo "Install system updates:"
      apt-get update -y
      apt-get upgrade -y

      echo "Install WasmEdge and crun dependencies:"
      # NOTE: packages curl git python3 already installed:
      apt-get install -y make gcc build-essential pkgconf libtool libsystemd-dev libprotobuf-c-dev libcap-dev libseccomp-dev libyajl-dev libgcrypt20-dev go-md2man autoconf automake criu
      apt-get clean -y

  - mode: user
    script: |
      [ -f /etc/docker/daemon.json ] && echo "Already provisioned!" && exit 0

      echo "Installing WasmEdge:"
      curl -sSf https://raw.githubusercontent.com/WasmEdge/WasmEdge/master/utils/install.sh | sudo bash -s -- -p /usr/local
      echo
      echo "`wasmedge -v` installed!"

      # NOTE: I failed to Configure Wasmtime properly - turned off for now:
      #echo "Installing Wasmtime:"
      #curl -sSf https://wasmtime.dev/install.sh | bash
      #sudo cp .wasmtime/bin/* /usr/local/bin/
      #rm -rf .wasmtime
      #echo "`wasmtime -V` installed!"

      echo "Install crun:"
      git clone https://github.com/containers/crun
      cd crun
      ./autogen.sh
      #./configure --with-wasmedge --with-wasmtime
      ./configure --with-wasmedge
      make
      sudo make install
      crun -v
      echo "crun installed!"

      echo "Replacing runc with crun:"
      # NOTE: replacing runc with crun is to simplify containerd config
      TRC=`which runc`
      sudo rm -rf $TRC
      sudo cp `which crun` $TRC

      echo "Configuring containerd:"
      sudo mkdir -p /etc/containerd/
      containerd config default | sudo tee /etc/containerd/config.toml >/dev/null

      echo "Restarting/reloading docker/containerd services:"
      sudo systemctl daemon-reload
      sudo systemctl restart containerd

      # As soon as Colima writes its /etc/docker/daemon.json file (right after this provisioning script),
      # it will also start the Docker daemon. If we stop Docker here, the changes will actually take effect:
      sudo systemctl stop docker

sshConfig: true
mounts: []
env: {}
```
-
Google assigns a CVE for libwebp and gives it a 10.0 score
On this note, I was really surprised to find Red Hat's OCI runtime is written in C: https://github.com/containers/crun
Is anyone working on a Rust version?
-
US Cybersecurity: The Urgent Need for Memory Safety in Software Products
It's interesting that, in light of things like this, you still see large software companies adding support for new components written in non-memory-safe languages (e.g. C).
As an example, Red Hat OpenShift added support for crun (https://github.com/containers/crun) this year (https://cloud.redhat.com/blog/whats-new-in-red-hat-openshift...), which is written in C, as an alternative to runc, which is written in Go (https://github.com/opencontainers/runc)...
- Barco: Linux Containers from Scratch in C
-
Crun: Fast and lightweight OCI runtime and C library for running containers
Kubernetes needs an OCI runtime to run containers with. Crun is one implementation it can use.
Docker also appears to be able to use crun for its engine as well. https://github.com/containers/crun/issues/37
-
Best virtualization solution with Ubuntu 22.04
crun
- Why did the Krustlet project die?
-
Is this an incompatibility with docker or am I doing something else wrong?
Looks like https://github.com/containers/crun/issues/255 - start there.
What are some alternatives?
asciinema - Platform for hosting and sharing terminal session recordings
runc - CLI tool for spawning and running containers according to the OCI specification
go - The Go programming language
youki - A container runtime written in Rust
zfs - OpenZFS on Linux and FreeBSD
cri-o - Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
podman - Podman: A tool for managing OCI containers and pods.
railcar - RailCar: Rust implementation of the Open Containers Initiative oci-runtime
wasm-micro-runtime - WebAssembly Micro Runtime (WAMR)
docker - Docker - the open-source application container engine
runtime-tools - OCI Runtime Tools